We would be unwise to tut-tut as we read of another set of data falling into the wrong hands unless we have closed every door in our own organisations.
The FSA conducted a review across 39 firms including banks, building societies, insurance companies and financial advisers and found that senior management do not recognise the value of their customers’ data to fraudsters. The regulator warned firms to change their attitude to data security and warned that it will take action if future breaches are found.
It said: “It is worrying that despite increased public awareness of the impact that identity theft can have on customers, many firms are still not taking this risk seriously. Customers have a right to be confident that firms are doing everything reasonably possible to keep their personal and financial details safe. Some firms have made progress by adopting good practice while others need to do more in this area to ensure they are treating their customers fairly.”
Under the TCF initiative, we are required to conduct a gap analysis. Data security and disaster recovery will surely be under consideration. We need to return to basics if we are to fulfil our obligations.
We should make sure the right papers are going into the right envelopes. Computer data should be backed up and taken off site securely. Laptops and files should not be left in cars. Security questions should be asked when giving personal information over the phone.
However, it came home to me that it is more than any of this when I took the train from Paddington back to my home village in the Cotswolds a few weeks ago. I should explain that I never choose to sit in a quiet carriage. This is not because I want to spend an hour and a half making calls on my mobile; it is just that I might receive a call or, if delayed, I might want to make a brief call to my home or office.
This particular evening was no exception. I was not in the quiet carriage but I was to be joined at the table by someone who definitely did not share my views on when a mobile should be used, nor how long a call should be.
This complete stranger delved for some papers and then hit the phone. He was plainly an insurance broker on a mission to impress the rest of the compartment or seriously annoy us. Between Slough and Reading, I learned who he worked for, which insurance companies he was negotiating with, who his clients were and what he was being quoted for employers’ liability insurance, product liability, the motor fleet and loss of profits.
We were given temporary respite as he lost his signal near Oxford. Whoopee. Unfortunately, he soon droned on again. Knowing that I was due to write another article and that treating customers fairly is among our main preoccupations, I reflected on this 90-minute masterclass in ignoring customer confidentiality.
I could have been a rival broker. I certainly would have had enough information to have a go at competing with or embarrassing a competitor.
Data security and client confidentiality are not just about hard disks, CDs, USB sticks and paper files; they are about conversations and not allowing complete strangers to have information they are not entitled to.
Surely, no call on a mobile while we are on a train is so important and urgent that we cannot call back when we get off the train? Surely, we can, at least, give initials rather than names and watch what we are saying?
It is not for us to give confidential data without authority. By any measure, this was certainly treating customers unfairly.
Len Warwick, CBE, is chairman of Warwick Butchart Associates